MiracleLinux 8 : postgresql:16 (AXSA:2024-9053:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9053:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

MiracleLinux 8 : postgresql:15 (AXSA:2024-9055:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9055:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

MiracleLinux 9 : postgresql:16 (AXSA:2024-9501:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9501:01 advisory. postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable...

sudo-rs -- Authenticating user not recorded properly in timestamp

Trifecta Tech Foundation reports: With Defaults targetpw or Defaults rootpw enabled, the password of the target account or root account instead of the invoking user is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as...

kernel: net: incorrect SCM_CREDENTIALS passing

The scmsetcred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application...